Changeset 25115
- Timestamp:
- Oct 24, 2013, 12:01:35 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/include/ws_core.inc.php
r25077 r25115 325 325 * @param include_file string - a file to be included befaore the callback is executed 326 326 * @param options array 327 * @option bool hidden (hidden) - if true, this method won't be visible by reflection.getMethodList 327 * @option bool hidden (optional) - if true, this method won't be visible by reflection.getMethodList 328 * @option bool admin_only (optional) 329 * @option bool post_only (optional) 328 330 */ 329 331 function addMethod($methodName, $callback, $params=array(), $description='', $include_file='', $options=array()) … … 389 391 } 390 392 391 /*static*/function isPost()393 static function isPost() 392 394 { 393 395 return isset($HTTP_RAW_POST_DATA) or !empty($_POST); … … 510 512 { 511 513 return new PwgError(WS_ERR_INVALID_METHOD, 'Method name is not valid'); 514 } 515 516 if ( isset($method['options']['post_only']) and $method['options']['post_only'] and !self::isPost() ) 517 { 518 return new PwgError(405, 'This method requires HTTP POST'); 519 } 520 521 if ( isset($method['options']['admin_only']) and $method['options']['admin_only'] and !is_admin() ) 522 { 523 return new PwgError(401, 'Access denied'); 512 524 } 513 525 -
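Review bot: The new `post_only` option is enforced through `isPost()`, whose body still reads `isset($HTTP_RAW_POST_DATA)`; inside a function that name is an undeclared local (it is not a superglobal and there is no `global` statement), so the check collapses to `!empty($_POST)` and a POST whose body carries no form fields (a file-only multipart or a raw body) is rejected with 405 while the request method is never examined. A method-based test such as `return isset($_SERVER['REQUEST_METHOD']) and 'POST' == $_SERVER['REQUEST_METHOD'];` would make the new central check reliable. The two new checks in the invocation path index `$method['options']['post_only']` and `['admin_only']`, which assumes `addMethod` stores its `$options` argument under the `options` key; that storing code is not in this hunk, so confirm the key matches. The enclosing function of the second hunk starts outside the hunk.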
trunk/include/ws_functions.inc.php
r25077 r25115 209 209 function ws_getMissingDerivatives($params, $service) 210 210 { 211 if (!is_admin())212 {213 return new PwgError(403, 'Forbidden');214 }215 216 211 if ( empty($params['types']) ) 217 212 { … … 320 315 function ws_getInfos($params, $service) 321 316 { 322 if (!is_admin())323 {324 return new PwgError(403, 'Forbidden');325 }326 327 317 $infos['version'] = PHPWG_VERSION; 328 318 … … 384 374 function ws_caddie_add($params, $service) 385 375 { 386 if (!is_admin())387 {388 return new PwgError(401, 'Access denied');389 }390 376 global $user; 391 377 $query = ' … … 881 867 function ws_categories_getAdminList($params, $service) 882 868 { 883 if (!is_admin())884 {885 return new PwgError(401, 'Access denied');886 }887 888 869 $query = ' 889 870 SELECT … … 949 930 function ws_images_addComment($params, $service) 950 931 { 951 if (!$service->isPost())952 {953 return new PwgError(405, "This method requires HTTP POST");954 }955 956 932 $query = ' 957 933 SELECT DISTINCT image_id … … 1295 1271 function ws_images_setPrivacyLevel($params, $service) 1296 1272 { 1297 if (!is_admin())1298 {1299 return new PwgError(401, 'Access denied');1300 }1301 if (!$service->isPost())1302 {1303 return new PwgError(405, "This method requires HTTP POST");1304 }1305 1273 global $conf; 1306 1274 if ( !in_array($params['level'], $conf['available_permission_levels']) ) … … 1325 1293 function ws_images_setRank($params, $service) 1326 1294 { 1327 if (!is_admin())1328 {1329 return new PwgError(401, 'Access denied');1330 }1331 1332 if (!$service->isPost())1333 {1334 return new PwgError(405, "This method requires HTTP POST");1335 }1336 1337 1295 // does the image really exist? 
1338 1296 $query=' … … 1419 1377 // position 1420 1378 1421 if (!is_admin())1422 {1423 return new PwgError(401, 'Access denied');1424 }1425 1426 if (!$service->isPost())1427 {1428 return new PwgError(405, "This method requires HTTP POST");1429 }1430 1431 1379 foreach ($params as $param_key => $param_value) { 1432 1380 if ('data' == $param_key) { … … 1577 1525 1578 1526 global $conf; 1579 if (!is_admin())1580 {1581 return new PwgError(401, 'Access denied');1582 }1583 1527 1584 1528 // … … 1663 1607 { 1664 1608 global $conf, $user; 1665 if (!is_admin())1666 {1667 return new PwgError(401, 'Access denied');1668 }1669 1609 1670 1610 foreach ($params as $param_key => $param_value) { … … 1817 1757 { 1818 1758 global $conf; 1819 if (!is_admin())1820 {1821 return new PwgError(401, 'Access denied');1822 }1823 1824 if (!$service->isPost())1825 {1826 return new PwgError(405, "This method requires HTTP POST");1827 }1828 1759 1829 1760 if (!isset($_FILES['image'])) … … 1939 1870 function ws_rates_delete($params, $service) 1940 1871 { 1941 global $conf;1942 1943 if (!$service->isPost())1944 {1945 return new PwgError(405, 'This method requires HTTP POST');1946 }1947 1948 if (!is_admin())1949 {1950 return new PwgError(401, 'Access denied');1951 }1952 1953 1872 $query = ' 1954 1873 DELETE FROM '.RATE_TABLE.' 
… … 1975 1894 function ws_session_login($params, $service) 1976 1895 { 1977 global $conf;1978 1979 if (!$service->isPost())1980 {1981 return new PwgError(405, "This method requires HTTP POST");1982 }1983 1896 if (try_log_user($params['username'], $params['password'],false)) 1984 1897 { … … 2057 1970 function ws_tags_getAdminList($params, $service) 2058 1971 { 2059 if (!is_admin())2060 {2061 return new PwgError(401, 'Access denied');2062 }2063 2064 1972 $tags = get_all_tags(); 2065 1973 return array( … … 2229 2137 function ws_tags_add($params, $service) 2230 2138 { 2231 if (!is_admin())2232 {2233 return new PwgError(401, 'Access denied');2234 }2235 2236 2139 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 2237 2140 … … 2251 2154 2252 2155 global $conf; 2253 2254 if (!is_admin())2255 {2256 return new PwgError(401, 'Access denied');2257 }2258 2156 2259 2157 $split_pattern = '/[\s,;\|]/'; … … 2329 2227 ws_logfile(__FUNCTION__.', input : '.var_export($params, true)); 2330 2228 2331 if (!is_admin())2332 {2333 return new PwgError(401, 'Access denied');2334 }2335 2336 2229 // input parameters 2337 2230 // … … 2395 2288 { 2396 2289 global $conf; 2397 if (!is_admin())2398 {2399 return new PwgError(401, 'Access denied');2400 }2401 2402 if (!$service->isPost())2403 {2404 return new PwgError(405, "This method requires HTTP POST");2405 }2406 2290 2407 2291 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); … … 2535 2419 { 2536 2420 global $conf; 2537 if (!is_admin())2538 {2539 return new PwgError(401, 'Access denied');2540 }2541 2542 if (!$service->isPost())2543 {2544 return new PwgError(405, "This method requires HTTP POST");2545 }2546 2421 2547 2422 if (get_pwg_token() != $params['pwg_token']) … … 2727 2602 { 2728 2603 global $conf; 2729 if (!is_admin())2730 {2731 return new PwgError(401, 'Access denied');2732 }2733 2734 if (!$service->isPost())2735 {2736 return new PwgError(405, "This method requires HTTP POST");2737 }2738 2604 2739 2605 // category_id 
… … 2774 2640 { 2775 2641 global $conf; 2776 2777 if (!is_admin())2778 {2779 return new PwgError(401, 'Access denied');2780 }2781 2782 if (!$service->isPost())2783 {2784 return new PwgError(405, "This method requires HTTP POST");2785 }2786 2642 2787 2643 // category_id … … 2832 2688 { 2833 2689 global $conf; 2834 if (!is_admin())2835 {2836 return new PwgError(401, 'Access denied');2837 }2838 2839 if (!$service->isPost())2840 {2841 return new PwgError(405, "This method requires HTTP POST");2842 }2843 2690 2844 2691 if (get_pwg_token() != $params['pwg_token']) … … 2903 2750 { 2904 2751 global $conf, $page; 2905 2906 if (!is_admin())2907 {2908 return new PwgError(401, 'Access denied');2909 }2910 2911 if (!$service->isPost())2912 {2913 return new PwgError(405, "This method requires HTTP POST");2914 }2915 2752 2916 2753 if (get_pwg_token() != $params['pwg_token']) … … 3036 2873 global $conf; 3037 2874 3038 if (!is_admin())3039 {3040 return new PwgError(401, 'Access denied');3041 }3042 3043 2875 include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); 3044 2876 $ret['message'] = ready_for_upload_message(); … … 3056 2888 { 3057 2889 global $conf; 3058 3059 if (!is_admin())3060 {3061 return new PwgError(401, 'Access denied');3062 }3063 2890 3064 2891 include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php'); … … 3095 2922 global $template; 3096 2923 3097 if (!is_admin())3098 {3099 return new PwgError(401, 'Access denied');3100 }3101 3102 2924 if (get_pwg_token() != $params['pwg_token']) 3103 2925 { … … 3128 2950 { 3129 2951 global $template; 3130 3131 if (!is_admin())3132 {3133 return new PwgError(401, 'Access denied');3134 }3135 2952 3136 2953 if (get_pwg_token() != $params['pwg_token']) … … 3306 3123 $update = new updates(); 3307 3124 3308 if (!is_admin())3309 {3310 return new PwgError(401, 'Access denied');3311 }3312 3313 3125 $result = array(); 3314 3126 -
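Review bot: Dropping the in-function guards in ws_getMissingDerivatives and ws_getInfos changes their rejection from `PwgError(403, 'Forbidden')` to the core's `PwgError(401, 'Access denied')`, an observable API change the commit record does not mention; the other functions already returned 401 and are unaffected. Where a function previously checked `is_admin()` before `isPost()` (ws_images_setRank, ws_images_setPrivacyLevel, the upload and delete methods), the central code now tests POST first, so an anonymous GET presumably gets 405 instead of 401. Every removed guard now relies on the matching option in the ws.php registration; cross-checking that section, each function edited here appears to have one, but a body with no guard and no option would be reachable by any caller, so a file-level comment such as `// Access control: admin_only/post_only are enforced centrally in ws_core.inc.php from the options given to addMethod; per-function is_admin()/isPost() checks are no longer used.` would keep future methods from silently omitting both. The `global $conf;` removals in ws_rates_delete and ws_session_login look harmless if `$conf` is unused in those bodies, which the visible lines suggest.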
trunk/ws.php
r25077 r25115 136 136 'ws_getInfos', 137 137 null, 138 '<b>Admin only.</b> Returns general informations.' 138 '<b>Admin only.</b> Returns general informations.', 139 null, 140 array('admin_only'=>true) 139 141 ); 140 142 … … 146 148 'type'=>WS_TYPE_ID), 147 149 ), 148 '<b>Admin only.</b> Adds elements to the caddie. Returns the number of elements added.' 150 '<b>Admin only.</b> Adds elements to the caddie. Returns the number of elements added.', 151 null, 152 array('admin_only'=>true) 149 153 ); 150 154 … … 205 209 'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE), 206 210 ), $f_params), 207 '<b>Admin only.</b> Returns a list of derivatives to build.' 211 '<b>Admin only.</b> Returns a list of derivatives to build.', 212 null, 213 array('admin_only'=>true) 208 214 ); 209 215 … … 217 223 'key' => array(), 218 224 ), 219 '<b>POST only.</b> Adds a comment to an image.' 225 '<b>POST only.</b> Adds a comment to an image.', 226 null, 227 array('post_only'=>true) 220 228 ); 221 229 … … 269 277 'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE), 270 278 ), 271 '<b>Admin & POST only.</b> Sets the privacy levels for the images.' 279 '<b>Admin & POST only.</b> Sets the privacy levels for the images.', 280 null, 281 array('admin_only'=>true, 'post_only'=>true) 272 282 ); 273 283 … … 280 290 'rank' => array('type'=>WS_TYPE_INT|WS_TYPE_POSITIVE|WS_TYPE_NOTNULL) 281 291 ), 282 '<b>Admin & POST only.</b> Sets the rank of a photo for a given album.' 292 '<b>Admin & POST only.</b> Sets the rank of a photo for a given album.', 293 null, 294 array('admin_only'=>true, 'post_only'=>true) 283 295 ); 284 296 … … 290 302 'anonymous_id' => array('default'=>null), 291 303 ), 292 '<b>Admin & POST only.</b> Deletes all rates for a user.' 304 '<b>Admin & POST only.</b> Deletes all rates for a user.', 305 null, 306 array('admin_only'=>true, 'post_only'=>true) 293 307 ); 294 308 … … 304 318 'ws_session_login', 305 319 array('username', 'password'), 306 '<b>POST only.</b> Tries to login the user.' 
320 '<b>POST only.</b> Tries to login the user.', 321 null, 322 array('post_only'=>true) 307 323 ); 308 324 … … 358 374 'position' => array() 359 375 ), 360 '<b>Admin & POST only.</b> Add a chunk of a file.' 376 '<b>Admin & POST only.</b> Add a chunk of a file.', 377 null, 378 array('admin_only'=>true, 'post_only'=>true) 361 379 ); 362 380 … … 371 389 ), 372 390 '<b>Admin only.</b> Add or update a file for an existing photo. 373 <br>pwg.images.addChunk must have been called before (maybe several times).' 391 <br>pwg.images.addChunk must have been called before (maybe several times).', 392 null, 393 array('admin_only'=>true) 374 394 ); 375 395 … … 402 422 '<b>Admin only.</b> Add an image. 403 423 <br>pwg.images.addChunk must have been called before (maybe several times). 404 <br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.' 424 <br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.', 425 null, 426 array('admin_only'=>true) 405 427 ); 406 428 … … 426 448 <br>Use the <b>$_FILES[image]</b> field for uploading file. 427 449 <br>Set the form encoding to "form-data". 428 <br>You can update an existing photo if you define an existing image_id.' 450 <br>You can update an existing photo if you define an existing image_id.', 451 null, 452 array('admin_only'=>true, 'post_only'=>true) 429 453 ); 430 454 … … 436 460 'pwg_token' => array(), 437 461 ), 438 '<b>Admin & POST only.</b> Deletes image(s).' 462 '<b>Admin & POST only.</b> Deletes image(s).', 463 null, 464 array('admin_only'=>true, 'post_only'=>true) 439 465 ); 440 466 … … 443 469 'ws_categories_getAdminList', 444 470 null, 445 '<b>Admin only.</b>' 471 '<b>Admin only.</b>', 472 null, 473 array('admin_only'=>true) 446 474 ); 447 475 … … 474 502 '<b>Admin & POST only.</b> Deletes album(s). 
475 503 <br><b>photo_deletion_mode</b> can be "no_delete" (may create orphan photos), "delete_orphans" 476 (default mode, only deletes photos linked to no other album) or "force_delete" (delete all photos, even those linked to other albums)' 504 (default mode, only deletes photos linked to no other album) or "force_delete" (delete all photos, even those linked to other albums)', 505 null, 506 array('admin_only'=>true, 'post_only'=>true) 477 507 ); 478 508 … … 486 516 ), 487 517 '<b>Admin & POST only.</b> Move album(s). 488 <br>Set parent as 0 to move to gallery root. Only virtual categories can be moved.' 518 <br>Set parent as 0 to move to gallery root. Only virtual categories can be moved.', 519 null, 520 array('admin_only'=>true, 'post_only'=>true) 489 521 ); 490 522 … … 496 528 'image_id' => array('type'=>WS_TYPE_ID), 497 529 ), 498 '<b>Admin & POST only.</b> Sets the representative photo for an album. The photo doesn\'t have to belong to the album.' 530 '<b>Admin & POST only.</b> Sets the representative photo for an album. The photo doesn\'t have to belong to the album.', 531 null, 532 array('admin_only'=>true, 'post_only'=>true) 499 533 ); 500 534 … … 503 537 'ws_tags_getAdminList', 504 538 null, 505 '<b>Admin only.</b> ' 539 '<b>Admin only.</b>', 540 null, 541 array('admin_only'=>true) 506 542 ); 507 543 … … 510 546 'ws_tags_add', 511 547 array('name'), 512 '<b>Admin only.</b> Adds a new tag.' 548 '<b>Admin only.</b> Adds a new tag.', 549 null, 550 array('admin_only'=>true) 513 551 ); 514 552 … … 521 559 ), 522 560 '<b>Admin only.</b> Checks existence of images. 523 <br>Give <b>md5sum_list</b> if $conf[uniqueness_mode]==md5sum. Give <b>filename_list</b> if $conf[uniqueness_mode]==filename.' 561 <br>Give <b>md5sum_list</b> if $conf[uniqueness_mode]==md5sum. 
Give <b>filename_list</b> if $conf[uniqueness_mode]==filename.', 562 null, 563 array('admin_only'=>true) 524 564 ); 525 565 … … 534 574 ), 535 575 '<b>Admin only.</b> Checks if you have updated version of your files for a given photo, the answer can be "missing", "equals" or "differs". 536 <br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.' 576 <br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.', 577 null, 578 array('admin_only'=>true) 537 579 ); 538 580 … … 541 583 'ws_images_checkUpload', 542 584 null, 543 '<b>Admin only.</b> Checks if Piwigo is ready for upload.' 585 '<b>Admin only.</b> Checks if Piwigo is ready for upload.', 586 null, 587 array('admin_only'=>true) 544 588 ); 545 589 … … 567 611 <br><b>single_value_mode</b> can be "fill_if_empty" (only use the input value if the corresponding values is currently empty) or "replace" 568 612 (overwrite any existing value) and applies to single values properties like name/author/date_creation/comment. 569 <br><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories.' 613 <br><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories.', 614 null, 615 array('admin_only'=>true, 'post_only'=>true) 570 616 ); 571 617 … … 578 624 'comment' => array('default'=>null), 579 625 ), 580 '<b>Admin & POST only.</b> Changes properties of an album.' 626 '<b>Admin & POST only.</b> Changes properties of an album.', 627 null, 628 array('admin_only'=>true, 'post_only'=>true) 581 629 ); 582 630 … … 585 633 'ws_plugins_getList', 586 634 null, 587 '<b>Admin only.</b> Gets the list of plugins with id, name, version, state and description.' 
635 '<b>Admin only.</b> Gets the list of plugins with id, name, version, state and description.', 636 null, 637 array('admin_only'=>true) 588 638 ); 589 639 … … 596 646 'pwg_token' => array(), 597 647 ), 598 '<b>Admin only.</b>' 648 '<b>Admin only.</b>', 649 null, 650 array('admin_only'=>true) 599 651 ); 600 652 … … 607 659 'pwg_token' => array(), 608 660 ), 609 '<b>Admin only.</b>' 661 '<b>Admin only.</b>', 662 null, 663 array('admin_only'=>true) 610 664 ); 611 665 … … 619 673 'pwg_token' => array(), 620 674 ), 621 '<b>Webmaster only.</b>' 675 '<b>Webmaster only.</b>', 676 null, 677 array('admin_only'=>true) 622 678 ); 623 679 … … 634 690 'pwg_token' => array(), 635 691 ), 636 '<b>Webmaster only.</b> Ignores an extension if it needs update.' 692 '<b>Webmaster only.</b> Ignores an extension if it needs update.', 693 null, 694 array('admin_only'=>true) 637 695 ); 638 696 … … 641 699 'ws_extensions_checkupdates', 642 700 null, 643 '<b>Admin only.</b> Checks if piwigo or extensions are up to date.' 701 '<b>Admin only.</b> Checks if piwigo or extensions are up to date.', 702 null, 703 array('admin_only'=>true) 644 704 ); 645 705 }
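Review bot: The two methods described as `<b>Webmaster only.</b>` (gutter 675 and 693) are registered with only `array('admin_only'=>true)`, so the central check admits any administrator; whether their bodies still verify webmaster status is outside this diff, and if that check was removed with the others the stricter restriction is lost. Either keep an explicit webmaster check in those functions or extend the option set, and say so in the description so the reflection output stays accurate. Several state-changing admin methods (ws_tags_add, the add-image method at gutter 422, and the pwg_token-protected methods at gutter 648 and 661) are registered without `post_only`; this matches the removed guards, which tested only `is_admin()`, but they remain callable via GET, so adding `'post_only'=>true` where a pwg_token is already required would be consistent with the delete and setInfo registrations. The trailing `null, array('admin_only'=>true)` pair is repeated at every call site; if `addMethod`'s `$include_file` default were kept by passing `''` rather than `null`, the argument would also match the documented `string` type.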